AnalysisEngine.FileWatchers.psexecChanged C# (CSharp) Method

FileWatchers Class Documentation Datei anzeigen Open project: rvazarkar/antipwny

psexecChanged() private method

private psexecChanged ( object sender, FileSystemEventArgs e ) : void
sender object
e System.IO.FileSystemEventArgs
return void 
        private void psexecChanged(object sender, FileSystemEventArgs e)
        {
            //73802 = Possible Meterpreter
            //15872 = Possible Psexec
            try
            {
                FileInfo f = new FileInfo(e.FullPath);

                string date = DateTime.Now.ToShortDateString() + " " + DateTime.Now.ToShortTimeString();

                string detect = "";
                if (f.Length == 73802 && f.Name.Contains(".exe"))
                {
                    detect = "Likely Meterpreter Executable";
                    w.write(date, e.FullPath, detect);
                }
                else if (f.Length == 15872 && f.Name.Contains(".exe"))
                {
                    detect = "Likely PSExec Executable";
                    w.write(date, e.FullPath, detect);
                }
            }
            catch (Exception)
            {
                return;
            }
        }
FileWatchers
FileWatchers
exploitChanged
psexecChanged
systempChanged